BASH PATCH REPORT ================= Bash-Release: 5.2 Patch-ID: bash52-004 Bug-Reported-by: Antoine Bug-Reference-ID: <8bd59753-05ff-9b09-2337-2c7f52ded650@glitchimini.net> Bug-Reference-URL: https://lists.gnu.org/archive/html/bug-bash/2022-10/msg00022.html Bug-Description: Bash needs to keep better track of nested brace expansions to avoid problems with quoting and POSIX semantics. --- a/patchlevel.h +++ b/patchlevel.h @@ -25,6 +25,6 @@ regexp `^#define[ ]*PATCHLEVEL', since that's what support/mkversion.sh looks for to find the patch level (for the sccs version string). */ -#define PATCHLEVEL 3 +#define PATCHLEVEL 4 #endif /* _PATCHLEVEL_H_ */ --- a/subst.c +++ b/subst.c @@ -1798,6 +1798,9 @@ extract_heredoc_dolbrace_string (string, return (result); } +#define PARAMEXPNEST_MAX 32 // for now +static int dbstate[PARAMEXPNEST_MAX]; + /* Extract a parameter expansion expression within ${ and } from STRING. Obey the Posix.2 rules for finding the ending `}': count braces while skipping over enclosed quoted strings and command substitutions. @@ -1828,6 +1831,8 @@ extract_dollar_brace_string (string, sin if (quoted == Q_HERE_DOCUMENT && dolbrace_state == DOLBRACE_QUOTE && (flags & SX_NOALLOC) == 0) return (extract_heredoc_dolbrace_string (string, sindex, quoted, flags)); + dbstate[0] = dolbrace_state; + pass_character = 0; nesting_level = 1; slen = strlen (string + *sindex) + *sindex; @@ -1852,6 +1857,8 @@ extract_dollar_brace_string (string, sin if (string[i] == '$' && string[i+1] == LBRACE) { + if (nesting_level < PARAMEXPNEST_MAX) + dbstate[nesting_level] = dolbrace_state; nesting_level++; i += 2; if (dolbrace_state == DOLBRACE_QUOTE || dolbrace_state == DOLBRACE_WORD) @@ -1864,6 +1871,7 @@ extract_dollar_brace_string (string, sin nesting_level--; if (nesting_level == 0) break; + dolbrace_state = (nesting_level < PARAMEXPNEST_MAX) ? dbstate[nesting_level] : dbstate[0]; /* Guess using initial state */ i++; continue; }